Reverse and patch an easy APK
Learn how to reverse and patch an easy APK in this Android HackTheBox challenge called APKrypt.

This video shows what I consider to be the best platforms to learn offensive cybersecurity and practice your penetration testing skills in 2022.
Learn how to bypass the addslashes() function using format strings and get SQL Injection in this HackTheBox challenge called baby sql.
Learn how to exploit Pickle Insecure Deserialization! HackTheBox "baby website rick" writeup is now available!

Knife is an Easy difficulty Linux box from HackTheBox based on the exploitation of a backdoored PHP version. After identifying the backdoor by inspecting the source code on GitHub, it is possible to obtain code execution and gain access as james. The user is allowed to run knife with high privileges. Since knife allows editing files using vi and does not drop privileges, it is possible to leverage this issue and escalate to root by spawning an interactive shell from within vi.

Love is an Easy difficulty Windows machine based on the exploitation of an SSRF to enumerate local contents, disclose administrative credentials and access a restricted area vulnerable to arbitrary file upload. Privilege escalation can be achieved by abusing the AlwaysInstallElevated privileges.

TheNoteBook is a medium difficulty Linux box running a custom web application vulnerable to an authorization bypass caused by an SSRF that allows validating arbitrary JWTs.

HackTheBox "Ophiuchi" writeup is now available!

Tenet is a medium difficulty Linux machine on HackTheBox vulnerable to a PHP deserialization vulnerability and based on code review.

ScriptKiddie is an easy difficulty Linux HackTheBox machine based on known vulnerabilities for traditional hacking tools.